Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks, and other illegal activities, and many businesses are leaving themselves vulnerable to attacks because their Linux infrastructure is misconfigured or poorly managed.
According to VMware cybersecurity researchers, malware targeting Linux-based systems is growing in volume and complexity, amid a lack of attention to controlling and identifying threats against them. This follows an increase in the adoption of cloud-based services by businesses due to the emergence of hybrid working, with Linux being the most common operating system in these settings.
The rise has opened new avenues for cyber criminals to compromise enterprise networks, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that may not be as closely monitored as those running Windows.
These attacks are intended to have the greatest possible impact, as cyber criminals attempt to compromise as much of the network as possible before initiating the encryption process and demanding a ransom for the decryption key.
Ransomware has evolved to target Linux host images used to spin up workloads in virtualised environments, allowing attackers to encrypt large swaths of the network at once, complicating incident response. Attacks on cloud environments also result in attackers taking data from servers, which they threaten to release unless a ransom is paid.
REvil, DarkSide, and Defray777 are among the ransomware families that have been observed attacking Linux systems, and it’s likely that more ransomware families will emerge that target Linux as well.
Linux servers are increasingly being targeted by cryptojacking and other malware attacks. Cryptojacking software mines cryptocurrency by stealing processing power from CPUs and servers.
Attacks on all operating systems frequently go undetected. While cryptojackers consume energy and may cause systems to slow down, the drain is usually not significant enough to create substantial disruption. The open-source XMRig miner is the most popular application for mining Monero, and many instances of it are running on Linux servers. Cryptojacking can easily go undetected if the Linux system isn’t properly monitored, and cyber criminals are aware of this.
In order to maximise their damage with the least amount of effort possible, cyber criminals are substantially increasing their scope and adding malware that targets Linux-based operating systems to their attack toolset, said Giovanni Vigna, senior director of threat intelligence at VMware. Cyber attackers have realised that compromising a single server can offer a big reward rather than infecting a PC and then moving on to a higher value target.
When compared to similar attacks targeting Windows systems, many of the cyberattacks targeting Linux environments are still relatively simple, which implies that many of these attacks may be avoided with the proper approach to monitoring and securing Linux-based systems. This covers cybersecurity hygiene practices like not using default passwords and not sharing a single account among several users.
Concentrate on the fundamentals. The truth is that the majority of your opponents are not technologically advanced. They’re not hunting for one-of-a-kind exploits; instead, they’re looking for open vulnerabilities and misconfigurations in general. Prioritise those before moving on to zero-day attacks and new vulnerabilities; be sure you’ve handled the basics first.